Columbus granted temporary restraining order against cyber expert
A Franklin County judge on Thursday granted the city of Columbus a temporary restraining order against a cybersecurity expert who has been telling the media about the public impact of the ransomware attack on city government.
Franklin County Common Pleas Judge Andria C. Noble approved the temporary restraining order, which bars cybersecurity expert David L. Ross Jr., who goes by “Connor Goodwolf,” “from accessing, and/or downloading, and/or disseminating” any of the files stolen from the city that were posted to the dark web.
The city attorney’s office, however, said Friday that a different judge, Common Pleas Judge Kim Brown, issued the restraining order. The online court docket doesn’t permit the public to see that document, and the file still lists Noble’s name as the judge in the case.
Goodwolf has been alerting the public through the media that personal information on city employees and public citizens — including driver’s license and Social Security information in some cases — was among that hacked from the city and posted online when the city refused to pay. The files include information on crime victims including domestic violence victims, and personal information about Columbus police officers including undercover police officers.
The latter has triggered at least two lawsuits against the city of Columbus seeking class-action status over the city’s failure to protect the plaintiffs’ personal information.
“I respect the judge’s decision to side with the City in this matter,” City Attorney Zach Klein, who filed a request for the temporary restraining order Thursday, said in a prepared release after the decision. “As City Attorney, I have a duty to do whatever I can to protect police, victims, undercover officers and the public when they are threatened with harm.
“This decision is a positive step to stem the dissemination of stolen confidential personnel and victim data—information that compromises active investigations and poses a threat to the lives and livelihoods of real people.”
The restraining order, which was issued in an “ex parte” procedure in which Ross wasn’t notified or permitted to defend himself from Klein’s accusations, bars Ross from getting on the city’s files on the dark web.
“The Court further finds the City’s concern that delaying the hearing to provide notice would permit the Defendant the opportunity to follow through with his purported intention of disseminating the confidential stolen data justifies the granting of this Order without notice,” according to a copy of the restraining order provided to The Dispatch by the city attorney’s office. The order is in effect for 14 days, and also orders Ross not to destroy or alter any information he has downloading, suggesting the city may try to indict him.
“City Attorney Klein’s actions show there are consequences for anyone who downloads and distributes the city’s stolen confidential data,” Mayor Andrew Ginther said after a Thursday press conference by Klein announcing his intentions to seek a restraining order.
In a series of disclosures, Ross has shown Ginther’s statements to be incorrect about the extent of damage done after Rhysida, a foreign cybercrime organization, hacked the city’s server farm and demanded a $1.7 million or 30 bitcoins to keep the information off the dark web. The hack was discovered in July by the city, which refused to pay the ransom.
Ross’ investigation has provided many more details about the risks to city employees and the general public — and has proven more accurate — than what the city has divulged, even prompting Ginther to correct himself about the extent of the damage.
“They’re trying to find a fall guy for their incompetence, which is not going to happen,” Ross told The Dispatch Thursday afternoon. “I’m getting in touch with the ACLU, getting a lawyer.” The end result of this, he said, is going to be “lawsuit after lawsuit against the city.”
“I’m going to be lawyering up and I’m going to go from there,” Ross said, joining police and firefighters who are suing the city for their data being stolen, putting finances at risk. Ross added that the city’s breach consultant tried to hire him earlier — which he was suspicious may have been an attempt to stop him from speaking publicly about the extent of the hack’s impact on the public while the city has been close-mouthed, citing an ongoing federal investigation into the matter.
It’s safe to say that, without Ross, the public would know almost nothing about the serious damage done by Ginther’s IT department in allowing reams sensitive information to be stolen. Far from disputing anything Ross has found on the dark web, the city has seemed to back up his findings — even to the point of approving free credit-monitoring services and identify-theft insurance for every city resident hours after Ginther proclaimed publicly that the data stolen was encrypted, and therefore useless.
More:Columbus data breach: Did the city’s new integrated computer control system play a role?
During a City Hall press conference Thursday afternoon, Klein didn’t say, when asked, that Ross has done anything illegal, and he wouldn’t comment on whether there is an ongoing criminal investigation into Ross’ handling and exposing of city data involved in the massive breach.
“I’ve said from day one that my priority as city attorney and my duty under the charter of this city is to protect public safety,” Klein said. “I took this action to help victims, witnesses and/or police who are out there every day to save lives.”
Klein said he is not trying to silence Ross, and that this doesn’t involve the First Amendment freedoms of speech and the press. But in disclosing details of hacked data to reporters, Ross may be divulging private details — undercover officers’ names, addresses of rape victims, the identities of confidential informants and suspects, all leaked in the hack — to family, friends and “frankly, who else?” Klein asked.
Ross has escalated the situation by parading around confidential police files, Klein said, adding that the city could have filed such a motion weeks ago if he had simply wanted to silence a critic.
Ginther on Thursday released a statement saying he is “furious” that the city has been victimized by cyber criminals.
Klein navigated around multiple questions on whether anyone in the world who could access the dark web could be looking at the same information Ross is viewing. Klein’s motion for the restraining order suggests that the data breach may have been in progress before July 18, stating that date was when “the city became aware it was a victim,” not the date it happened. The city hasn’t disclosed that date, leaving in question whether city residents’ data actually has been exposed for a longer period.
Asked if the city learned anything about the extent of the breach from Ross, Klein didn’t give a yes or no answer.
“There is nothing that I have not disclosed to the press that I could not disclose because of some sort of protection because of the investigation,” Klein said, adding that it would jeopardize the investigation by commenting on where law enforcement is in the process of understanding everything that was stolen.
Ross said he is investigating the breach, much like he assumes forensic teams working for law firms involved in suits against the city on behalf of police, firefighters and other employees are doing the same. Asked if Ross would potentially become the only person in the world prohibited from downloading the stolen city files for purposes of forensics, Klein said he didn’t want to discuss potential litigation and the ongoing criminal investigation.
“This is going to end up with a ‘color of law’ lawsuit, infringing on my First Amendment rights,” Ross said.
On Friday morning, Ross told The Dispatch he was still seeking an attorney to represent him. The restraining order says that Ross can, on two days’ notice to the city, “appear and move for dissolution or modification of this order, and in that event the Court shall proceed to hear and determine such motion as expeditiously as the ends of justice require.”
wbush@gannett.com
@ReporterBush
link